[rt-users] Avoiding backscatter & enabling self help

Odhiambo Washington odhiambo at gmail.com
Sat Apr 2 00:28:52 EDT 2011


On Sat, Apr 2, 2011 at 05:06, Kurt Zeilenga <kurt at openldap.org> wrote:

> We've been experimenting with RT this week at OpenLDAP.org for servicing
> various "help" and "contact" by email services... info at opendlap.org,
> webmaster at openldap.org, etc.   We have a general policy here at
> OpenLDAP.org to avoid email auto-responders, so as not to contribute to the
> backscatter problem.  But we also like "self help" services.
>
> We presently have the 'On Create Autoreply To Requestors' scrip disabled.
>
> I see there is a suggestion in the Wiki article <
> http://requesttracker.wikia.com/wiki/AutogeneratedPassword> for generating
> passwords on first create (from email) from the user, and including this in
> the autoreply on create message.  I'm wondering if I might apply this patch
> to the response ticket so that on response to a user without a password will
> cause a password to be generated.  That would provide some "self help"
> opportunities to the user.  Any thoughts on how best to do this?
>
> For all other possible emails to the requestor, never send if the password
> hasn't ever been set.  Any thoughts on how to accomplish this?
>

Without even reading the Wiki, what I recall off the top of my head is that
you need to replace the default Autoreply Template with the one  from the
Wiki. After that, you need to enable the scrip you disabled. This will have
your desired action.

Again, what we want is to never send an email to a requestor without a human
> generating a correspondence to that requestor (and hence setting up their
> password).  Until then, we want to assume the email had a forged from
> address.  Am I on the right track above?  or is there a better way to setup
> RT to behave in this manner?
>
> In that case, I believe you want full human intervention on creating users
and assigning them passwords. In that case, there is no need for using a
scrip. That is not the way I know RT to work. "Until then, we want to assume
the email had a forged from address" - makes me wonder how the human will
verify that the e-mail address is legit. Perhaps you need some custom
condition that will send out a mail to the address, with a url with captcha,
let the recipient follow the captcha... scratch that. I think what you need
is a "customized registration" page somewhere, which uses captcha, submits
the details to a custom script that then injects the details into RT and
generates a response to the registrant with their password, and details on
how to track their request via your RT.



-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Damn!!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20110402/851b7dc7/attachment.htm>


More information about the rt-users mailing list